
Re: Password file with over 3000 users.

Craig Sanders wrote:

> if you have the libnss-db package (part of nsswitch) installed, you have
> everything you need already.

Thanks. This is exactly what I need. I actually found this and got it
running shortly after I posted my original message. Everything is in
Debian - except the documentation!

My setup is pretty much exactly as you recommend.

> PS: this works.  i did this several years ago on one server when the number of
> accounts grew to about 5000.  there is one small catch - with the cron job
> running every 5 minutes, there is a small window of time when the source files
> in /etc have been updated but the .db versions haven't been regenerated yet.

Just one small addition.

I added this line to the end of our /usr/local/sbin/adduser.local:

[ -e /var/lib/misc/Makefile ] && cd /var/lib/misc/ && make

And I have a cron job which runs the same command once per hour to
effect deletions and account locking etc.

I will have to look into controlling the cron spam.

We actually use this password file across a couple of servers with a
cron job that copies it across with rsync every 5 minutes. At some stage
I must look at a SQL or LDAP based solution. I originally chose the
rsync because each server can run on its own if one goes down and there
are no performance issues. But libpam-ccreds and nss-updatedb appear to
offer the same functionality when coupled with ldap.

We already have a postgresql backend for our radius server, would it be
better to run SQL -> LDAP -> nss or go directly from SQL -> nss?
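
Added example, not part of the original message and not code from libnss-db: a cron-side wrapper for the rebuild described above that stays silent unless the rebuild fails, and that reports maps whose .db file is older than the flat file in /etc, which is the window in which a lock or deletion is not yet in effect. The map list (passwd, group, shadow), the variable names and the `--cron` switch are assumptions.

```shell
#!/bin/sh
# Added example. Paths follow the message above; the map list is an assumption.
ETC_DIR=${ETC_DIR:-/etc}
DB_DIR=${DB_DIR:-/var/lib/misc}
MAPS=${MAPS:-"passwd group shadow"}   # assumed set of maps built by the Makefile

# Print each map whose flat file is newer than its .db (or whose .db is missing).
# While a map is listed, a lock or deletion made in /etc is not yet visible
# to lookups served from the .db file.
stale_maps() {
    for m in $MAPS; do
        src="$ETC_DIR/$m"; db="$DB_DIR/$m.db"
        [ -e "$src" ] || continue
        if [ ! -e "$db" ] || [ "$src" -nt "$db" ]; then
            echo "$m"
        fi
    done
}

# Run a command, discarding its output on success and printing it on failure,
# so cron only sends mail when the rebuild actually breaks.
quiet_run() {
    out=$("$@" 2>&1) && rc=0 || rc=$?
    [ "$rc" -eq 0 ] || printf '%s\n' "$out"
    return "$rc"
}

# Rebuild only when something is stale; same make run as the adduser.local hook.
rebuild_if_stale() {
    [ -n "$(stale_maps)" ] || return 0
    [ -e "$DB_DIR/Makefile" ] || { echo "no Makefile in $DB_DIR"; return 1; }
    quiet_run make -C "$DB_DIR"
}

# Cron entry point: `nss-db-refresh.sh --cron` (hypothetical script name).
if [ "${1:-}" = "--cron" ]; then
    rebuild_if_stale || exit 1
    left=$(stale_maps)
    [ -z "$left" ] || { echo "still stale after rebuild: $left"; exit 1; }
fi
```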


